Old 27th January 2017
psypro
Hacked or spoofed?

Spam has been sent from my email.
In my Gmail inbox, sent folder, I found "sexy Asian women" spam sent.
Today I have changed the password for Gmail.

But I wonder, can this file give information about how this happened?

a) Attacker broke into my account? (No sign of login from a strange place in the Gmail security page for the account. I saw 30 days back. Only 4 spam mails were sent that are registered at my Gmail account.)

b) I see references to sendgrid.net and sendgrid.me, US-based IP. I have never used such a service. I only use gmail.smtp. Is this some kind of spoofing where the attacker had no access to my email account? But how can a spoofed item be listed as sent by Google, in the sent folder?

c) Something else. I don't know.
Code:
Delivered-To: hidden@gmail.com
Received: by 10.176.86.76 with SMTP id z12csp813392uaa;
Wed, 25 Jan 2017 07:09:29 -0800 (PST)
X-Received: by 10.99.53.195 with SMTP id c186mr40060pga.24.1485969641;
Wed, 25 Jan 2017 07:09:29 -0800 (PST)
Return-Path: <bounces+4628381-eadc-hidden=gmail.com@sendgrid.net>
Received: from o9.shared.sendgrid.net (o9.shared.sendgrid.net. [173.193.132.134])
by mx.google.com with ESMTPS id h186si20087pfe.17.2017.01.25.07.09.28
for <hidden@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 25 Jan 2017 07:09:29 -0800 (PST)
Received-SPF: pass (google.com: domain of bounces+4628381-eadc-hidden=gmail.com@sendgrid.net designates 173.193.132.134 as permitted sender) client-ip=173.193.132.134;
Authentication-Results: mx.google.com;
dkim=pass header.i=@sendgrid.me;
spf=pass (google.com: domain of bounces+4628381-eadc-hidden=gmail.com@sendgrid.net designates 173.193.132.134 as permitted sender) smtp.mailfrom=bounces+4628381-eadc-hidden=gmail.com@sendgrid.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=sendgrid.me;
h=mime-version:content-type:to:from:list-unsubscribe:cc:subject:sender:list-id:x-feedback-id;
s=smtpapi; bh=cq1OM20YPw0qVurgX2FACj/WGWI=; b=ezyVSyrQiSw7hARaHC
uUohe9hFp7tLC7Khqt/s5...hyEAp1OY6vLcMn5su5mqV4JnbcOCIiJoZqjXOY
QEoJVJfXO/MSLFgUKXXBgijxsNpRGict8Ql6dZHdUx+RHWYV7jAiSOPH/GNKI3fo
e+71HSi5G07yBwdqq....=
Received: by filter0090p1las1.sendgrid.net with SMTP id filter0090p1las1-30064-5888BF65-92
2017-01-25 15:08:21.748146824 +0000 UTC
Received: from webcommezrc.com (webcommezrc.com [50.21.180.110])
by ismtpd0005p1iad1.sendgrid.net (SG) with ESMTP id VBVs-CKdQuadV8M5RaNCWA
for <hidden@gmail.com>; Wed, 25 Jan 2017 15:08:21.317 +0000 (UTC)
Date: Wed, 25 Jan 2017 10:08:18 -0500
Mime-Version: 1.0
Content-Type: Multipart/MiXeD;Boundary="OIOUIOUIOUIOIO"
Received: from 65.39.215.77 (127.0.0.1) smoothstone.net
To: to@tqVZ.smoothstone.net
X-Pnj: <AUT2b.7cLA.ERccoIaDssq@smoothstone.net>
From: <hidden@gmail.com>
List-Unsubscribe: <mailto:unsubscribe-mc.us11_80c1e39fe0fa900e4b1398044.4584703ca2-b81e2bacec@mailin1.us2.mcsv.net?subject=unsubscribe>
Cc: <cLfls.ThuB.DeRhDBytvP3@smoothstone.net>
Subject: 0..AsɪᴀɴGɪʀʟsLᴏᴏᴋɪɴɢFᴏʀSᴇʀɪᴠᴜsDᴀᴛɪɴɢ
Sender: "National Protection" <sales=nationalvehiclewarranty.com@smoothstone.net>
Message-id: <uTNqG.P8t8.6GUYluOW3ty@smoothstone.net>
List-ID: 80c1e39fe0fa900e4b1398044mc list <80c1e39fe0fa900e4b1398044.331849.list-id.mcsv.net>
X-SG-EID: eTvhVS1mkFCtXfJg9nYV8MWvTJDNxEqeJ9/v33QxYCIMFnBaH8RhStUHXSaJWQXSVraBdNODSGFbi0
FVEd2B+9B+c5cckDTAAIp+VjBsBpRhTJSh47Ffs4Blk4XOegzG Z2SuuDH3X4GgOQ4zj37CoDi8669a
eTVWv9Jemh2FtMG1WVQVsx8/w6N4r2CGh8LS
X-Feedback-ID: 4628381:IBsefFD+cJblXbyIZ4XnGd5gxHOdLFa8aesyzyBRBZ8=:IBsefFD+cJblXbyIZ4XnGd5gxHOdLFa8aesyzyBRBZ8=:SG

--OIOUIOUIOUIOIO
Content-Type: text/html;
Content-Type: text/html;
Content-Type: text/html;

Last edited by ocicat; 27th January 2017 at 03:57 PM. Reason: Please wrap file contents with [code] & [/code] tags.
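Added example, not part of the original post: a small Python check that reads the Authentication-Results header posted above and compares the domains that passed SPF and DKIM with the From: domain, which is the identifier-alignment test DMARC applies. The function names are made up for this example, and the organizational-domain step is simplified to the last two labels (an assumption; real DMARC evaluation uses the Public Suffix List).

```python
import re

# Authentication-Results value from the post above, unfolded onto one line.
AUTH_RESULTS = (
    "mx.google.com; dkim=pass header.i=@sendgrid.me; "
    "spf=pass (google.com: domain of bounces+4628381-eadc-hidden=gmail.com@sendgrid.net "
    "designates 173.193.132.134 as permitted sender) "
    "smtp.mailfrom=bounces+4628381-eadc-hidden=gmail.com@sendgrid.net; "
    "dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com"
)

def parse_auth_results(value):
    """Return {method: (result, {property: value})} for each method clause."""
    value = re.sub(r"\([^)]*\)", " ", value)   # drop parenthesised comments
    parsed = {}
    for clause in value.split(";")[1:]:        # element 0 is the authserv-id
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        parsed[method.lower()] = (result.lower(), props)
    return parsed

def domain_of(identity):
    """Domain part of 'user@domain', '@domain' or a bare domain."""
    return identity.rsplit("@", 1)[-1].strip("<>.").lower()

def org_domain(domain):
    # Assumption: last two labels stand in for the Public Suffix List lookup.
    return ".".join(domain.split(".")[-2:])

def check_alignment(value):
    """Compare the SPF and DKIM authenticated domains with the From: domain."""
    res = parse_auth_results(value)
    dmarc_result, dmarc_props = res.get("dmarc", ("none", {}))
    from_dom = domain_of(dmarc_props.get("header.from", ""))
    report = {"from": from_dom, "dmarc_reported": dmarc_result}
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.i")):
        result, props = res.get(method, ("none", {}))
        dom = domain_of(props.get(prop, ""))
        ok = result == "pass" and dom != "" and org_domain(dom) == org_domain(from_dom)
        report[method] = {"result": result, "domain": dom, "aligned": ok}
    passed = report["spf"]["aligned"] or report["dkim"]["aligned"]
    report["dmarc_expected"] = "pass" if passed else "fail"
    return report

if __name__ == "__main__":
    for key, val in check_alignment(AUTH_RESULTS).items():
        print(key, val)
```

For the posted message, SPF and DKIM both pass, but for sendgrid.net and sendgrid.me rather than gmail.com, so neither result is aligned with the From: domain and the computed DMARC outcome matches the reported `dmarc=fail`.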